The State Computer Emergency Response Team of Ukraine (CERT-UA) exposed a plan of cyberattacks that hackers from the UAC-0133 (Sandworm) group intended to carry out. According to the State Intelligence Service, the attacks were supposed to affect about twenty enterprises in ten regions of the country that deal with the supply of electricity, water and heat.
The goal of the attacks was to disable information and communication systems (ICS). The hackers planned to use supply chain attacks to gain access to the systems. This method involves introducing malicious software into software products or services used in ICS. This was supposed to cause even more damage against the backdrop of the spring missile attacks on Ukraine's critical infrastructure.
The Sandworm group, associated with the headquarters of the General Staff of the Armed Forces of the Russian Federation (formerly known as the GRU), is one of the most active and dangerous.
Why is this important?
Russia continues to use cyberattacks as a weapon against Ukraine. Critical infrastructure companies must take all measures to protect their ICS. Every Ukrainian must be aware of this danger and take measures to protect themselves and their data.
Cyber attacks on Ukrainian infrastructure
Since the beginning of Russia's full-scale invasion of Ukraine in 2022, cyber attacks on Ukrainian infrastructure have become more frequent and large-scale. Thus, the number of cyber attacks in Ukraine increased by 62% in 2023.
At the end of the same year, Kyivstar, the largest mobile operator of Ukraine, suffered a large-scale hacker attack. The cyber attack destroyed approximately 40% of the company's infrastructure. Damages were estimated at UAH 3.6 billion.
The Security Service of Ukraine established that the attack on Kyivstar was carried out by the Sandworm hacker group. This case will be transferred to the International Criminal Court in The Hague.
In January 2024, Ukrzaliznytsia, Naftogaz, Ukrposhta, Ukrtransbezpeka, and the Parkovy data center also suffered cyber attacks.
In response to the attack on the latter, Ukrainian hackers from the BLACKJACK group, in cooperation with the SBU, launched a successful cyber attack on the OwenCloud.ru data center.
In addition, hackers from the Cyber Army of Russia, which is linked to Sandworm, attacked the digital systems of a hydroelectric dam in France and water supplies in the United States and Poland.